When strict transformations are enabled, token-based access fails with a 401 #699

Open
wesdimiceli opened this issue Jan 21, 2025 · 2 comments

@wesdimiceli

Describe the bug in a sentence or two.

When I set both the auth_token and sign_url parameters on cloudinary.url, the resulting URL is given a token but is not signed. Thus, if I have strict transformations enabled, I still get a 401 from the resulting URL.

Issue Type (Can be multiple)

[ ] Build - Can’t install or import the SDK
[ ] Babel - Babel errors or cross browser issues
[ ] Performance - Performance issues
[x] Behaviour - Functions aren’t working as expected (Such as generate URL)
[ ] Documentation - Inconsistency between the docs and behaviour
[ ] Incorrect Types - For typescript users who are having problems with our d.ts files
[ ] Other (Specify)

Steps to reproduce

Any basic call to cloudinary.url, e.g.:

cloudinary.url('my_image', {
  type: 'upload',
  auth_token: { key: '<encryption-key>', duration: 300 },
  sign_url: true,
})

This gives me:
https://res.cloudinary.com/<env>/image/upload/my_image?__cld_token__=exp=1234~hmac=<snip>&_a=BAMCkGUm0

The URL is missing the signature path param, so if I have strict transformations, the URL doesn't work.

Seems like this conditional is preventing it:

if (sign_url && isEmpty(auth_token)) {

I'm not sure if there's a different reason for it, but as a new user to the platform, my gut feeling says this part might need to change.

Versions and Libraries (fill in the version numbers)

Cloudinary_NPM SDK version 2.5.1
Node - 18.13.0
NPM - 0.0.0
PNPM - 9.4.0

@tommyg-cld
Contributor

@wesdimiceli there is actually a feature request for this already but no ETA. One workaround for now is to manually generate the signature path param as per Manual signature generation and then pass this signature as part of the transformation parameter when using the cloudinary.url() function so it will be included in the URL along with the token.

Let me know how you get on.

@wesdimiceli
Author

Thanks for getting back to me quickly. This one isn't so bad to work around, I found it easier to just generate the auth token separately and then stitch it onto the query string -- for anyone reading this looking for a quick solve, my working code ends up roughly like this:

const imageURL = cloudinary.url('my_image', {
    type: 'authenticated',
    sign_url: true,
})

const token = cloudinary.utils.generate_auth_token({
    duration: 300,
    key: '<encryption_key>',
    url: new URL(imageURL).pathname,
})

// console.log(imageURL + `&${token}`)
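
Added example, not part of the thread and not Cloudinary SDK code: a Node.js check that a delivery URL carries both the `s--...--` signature path component and the `__cld_token__` query parameter, which is the gap this issue describes. The signature formula in the comment is an assumption to confirm against the "Manual signature generation" documentation; the function names, `demo-env`, the secret and the token value are constructed.

```javascript
const crypto = require('node:crypto');

// Assumed scheme (confirm against Cloudinary's "Manual signature generation" docs):
// URL-safe base64 of SHA-1(<string to sign> + <API secret>), first 8 characters.
function signatureComponent(toSign, apiSecret) {
  const digest = crypto.createHash('sha1').update(toSign + apiSecret, 'utf8').digest('base64');
  return `s--${digest.replace(/\+/g, '-').replace(/\//g, '_').slice(0, 8)}--`;
}

// Report which access controls a delivery URL actually carries.
function inspectDeliveryUrl(url) {
  const u = new URL(url);
  const signature = u.pathname.split('/').find((seg) => /^s--[A-Za-z0-9_-]{8}--$/.test(seg)) || null;
  return { signature, hasToken: u.searchParams.has('__cld_token__') };
}

// True only if the URL's signature equals the one recomputed from the secret.
function signatureMatches(url, toSign, apiSecret) {
  const { signature } = inspectDeliveryUrl(url);
  if (!signature) return false;
  const expected = Buffer.from(signatureComponent(toSign, apiSecret));
  const actual = Buffer.from(signature);
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
}

// Constructed sample values, not real credentials or a real environment.
const API_SECRET = 'constructed-api-secret';
const TOKEN = '__cld_token__=exp=1234~hmac=0123abcd';
const BASE = 'https://res.cloudinary.com/demo-env/image/upload';

// Shape reported in the issue: token present, signature component missing.
const tokenOnlyUrl = `${BASE}/my_image?${TOKEN}`;
// Shape the workarounds aim for: signature in the path and token in the query.
const signedUrl = `${BASE}/${signatureComponent('my_image', API_SECRET)}/my_image?${TOKEN}`;

// Summarise both controls for one URL; 'my_image' is the string to sign here
// because the sample URLs carry no transformation.
function audit(url) {
  const { signature, hasToken } = inspectDeliveryUrl(url);
  const valid = signatureMatches(url, 'my_image', API_SECRET);
  return { signed: signature !== null, hasToken, valid };
}

console.log('token only:', audit(tokenOnlyUrl));
console.log('signed + token:', audit(signedUrl));
```

A check like this fits in a unit test around URL generation, so a change in SDK options that silently drops the signature is caught before strict transformations reject the request.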
